Many people were asking about doing SSO to Amazon AWS from SSOCircle. Since SSOCircle Public IDP has a common Circle of Trust the Service Provider EntityIDs are shared and must be unique. AWS provides a single SAML Service Provider Metadata file at https://signin.aws.amazon.com/static/saml-metadata.xml for all AWS customers. As the AWS SP is already imported into […]
SSOCircle recently introduces a Graph based identity management system with user manageable access permissions and an entitlement API. Enter ReBAC (Relationship Based Access Control. Add ReBAC to ABAC (Attribute Based Access Control) and RBAC (Role Based Access Control) and get StarBAC. ReBAC can be described by the explicit tracking of relationships between identities themselves and […]
Applies to the Public IDP. Not to our IDPee offerings. Update: Public IDP Metadata will be replaced during a maintenance window at the weekend of 13/14th August 2016. We do not expect downtime but there may be some changes needed at your service provider. SSOCircle Root CA certificate used for client certificate authentication will also […]
The following article refers to the process of generating client certificates at the SSOCircle Public IDP. In the PKI functionality of SSOCircle IDP we allow the automatic generation of keys and the enrollment of X.509 certificates. Client certificates are used for strong authentication. These certificates are not related to the certificates used with SAML single […]
The vulnerability in the Microsoft Office 365 SAML implementation, published last week, dramatically underlines how important it is to handle account federations with due diligence. In the light that such a drastic authentication bypass can happen, not only at a small SaaS and cloud player, but at a provider of the size and importance of […]
cURL and wget – these tools tend to be of great value when a developer starts programming against a new API. With OAuth, you need to get an access token from one API and query another API for the actual data. Seeing the requests at the command line helps understanding the protocols and errors that […]
SAML Integration is easy? If you start to get your hands dirty and undertake the first steps in implementing the standard, you will most likely get an error when running your initial tests. You simply might have missed to import your service provider metadata into the SSOCircle of Trust or have something wrong with the […]
The newspapers “Zeit” and “c’t” revealed that credit cards with new chip-and-pin based security (EMV) can be cloned and used for payments. At first glance very surprising as EMV credit cards are smartcards with crypto graphic measures, which allow a bank to recognize modifications to cards or transaction data. These cards are per se more […]
A synonym for “timeout” is “break” or “pause”. Sounds like a good thing – in principle. When it comes to “session timeout” perception might be different. What exactly do we mean with “session timeout”? At OWASP you might find explanations similar to: Session timeout defines an action window which represents the time span in which […]
Google Apps integration into the SSOCircle of Trust was started in 2007 and has been one of the first active Google SAML integration in that time. Our intention was to showcase a working demo for SAML single sign on. We have now received an email from Google which states that the Google Apps ISP Partner […]
